[Bug 1103022] Re: 70-udev-acl.rules needs to put g+rw on /dev/kvm

Martin Pitt martin.pitt at ubuntu.com
Wed Jan 30 06:31:41 UTC 2013


> This is where you've gone wrong in your experiment. The /dev/kvm perms
> will be correct because you've reloaded kvm_intel after a (any)
> 40-qemu-system.rule existed.

Ah, thanks for pointing out!

I just noticed another problem which we might have overlooked here:

$ sudo rmmod kvm_intel kvm
$ sudo mv /lib/udev/rules.d/40-qemu-system.rules{,.disabled}
$ sudo mv /lib/udev/udev-acl{,.disabled}
$ sudo modprobe kvm_intel
$ sudo cp /lib/udev/rules.d/40-qemu-system.rules{.disabled,}
$ udevadm trigger --sysname-match=kvm  --verbose
/sys/devices/virtual/misc/kvm
$ ls -l /dev/kvm
crw------- 1 root root 10, 232 Jan 30 07:21 /dev/kvm

i.e. triggering a change (or add) event does not actually apply the
GROUP and MODE settings to /dev/kvm, it remains as root. This is without
any udev-acl magic, and happens both with the current package rules as
well as the simpler rules I tried above (without the := and RUN).

So that part of the postinst doesn't currently work as expected.

When I work around this by setting the permissions manually (as the
postinst intends to do)

   sudo chgrp kvm /dev/kvm
   sudo chmod g+rw /dev/kvm

then running

  sudo /lib/udev/udev-acl.disabled -a change --device=/dev/kvm

seems to have the desired effect:

$ getfacl /dev/kvm
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:martin:rw-
group::rw-
mask::rw-
other::---

So may it be that this was a red herring, caused by the unexpected/wrong
group and permissions of /dev/kvm after triggering the rule?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to udev in Ubuntu.
https://bugs.launchpad.net/bugs/1103022

Title:
  70-udev-acl.rules needs to put g+rw on /dev/kvm

Status in "udev" package in Ubuntu:
  Confirmed

Bug description:
  When qemu-system gets installed, the newly installed udev rule causes
  /dev/kvm to get chgrp'd to kvm and its mode to get set to g+rw.
  However, because /dev/kvm was tagged with ACL previously, there is a
  group:: acl on /dev/kvm which does not get removed.  Therefore
  /dev/kvm is g+rw in the file mode, but the acl denies group read/write
  access.  After a reboot all is fine.

  I have not seen a clean way to have udev remove that acl, and there is
  no reason for it.  So please update the 70-udev-acl.rules file to set
  MODE=0660 on /dev/kvm

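Added example, not part of the original message or of the udev package: a check for the state the bug description reports, where the file mode shows g+rw but the owning group is still denied. Once an ACL has a mask entry, the group bits of the file mode are the mask, so the owning group's real access is group:: ANDed with mask::. The function names and STALE_ACL are hypothetical; STALE_ACL is a constructed sample modelling the bug description, FIXED_ACL is the getfacl output quoted in the message.

```shell
#!/bin/sh
# Compute the access the owning group really gets, from `getfacl` text.

# and_perms A B: AND two rwx strings, e.g. "rw-" and "r--" -> "r--"
and_perms() {
    out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i")
        b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" != "-" ] && [ "$a" = "$b" ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_group_perms: read getfacl output on stdin, print "<group> <perms>"
effective_group_perms() {
    grp=""; gperm=""; mask=""
    while IFS= read -r line; do
        case "$line" in
            "# group: "*) grp=${line#"# group: "} ;;
            # cut -c1-3 drops any trailing "#effective:" annotation
            group::*)     gperm=$(printf '%s' "${line#group::}" | cut -c1-3) ;;
            mask::*)      mask=$(printf '%s' "${line#mask::}" | cut -c1-3) ;;
        esac
    done
    # No mask entry means a minimal ACL: group:: applies unmasked.
    [ -n "$mask" ] || mask="rwx"
    printf '%s %s\n' "$grp" "$(and_perms "$gperm" "$mask")"
}

# Constructed sample: chmod g+rw raised the mask, the old group:: entry stayed.
STALE_ACL='# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:martin:rw-
group::---
mask::rw-
other::---'

# getfacl output quoted in the message, after the manual chgrp/chmod.
FIXED_ACL='# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:martin:rw-
group::rw-
mask::rw-
other::---'

printf '%s\n' "$STALE_ACL" | effective_group_perms   # kvm ---
```

On a live system the same function can be fed with `getfacl /dev/kvm 2>/dev/null | effective_group_perms`; anything other than `kvm rw-` means members of the kvm group cannot open the device.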